[Full-disclosure] The Router Hacking Challenge is Over!
Petko D. Petkov
pdp.gnucitizen at googlemail.com
Sat Mar 1 22:08:29 GMT 2008
The Router Hacking Challenge is Over! We've got some very interesting
results which prove that routers', and in general embedded devices',
security is poor. There is definitely more room for further
development and we urge security researchers and hobbyists to keep the
challenge alive with new submissions. I hope that the challenge was as
educational and entertaining as practical and useful to all of us.
Here is a quick summary, in no particular order, of the types of
vulnerabilities we are exhibiting:
* authentication bypass
* a-to-c attacks
* csrf (cross-site request forgeries)
* xss (cross-site scripting)
* call-jacking - like making your phone dial numbers or even survey
room's sound where the phone resides
* obfuscation/encryption deficiencies
* UPnP, DHCP and mDNS problems - although not officially reported,
most devices are affected
* SNMP injection attacks due to poor SNMP creds.
* memory overwrites - well it is possible to overwrite the admin
password while being in memory and therefore be able to login as admin
* stealing config files
* cross-file upload attacks - this is within the group of csrf attacks
* remote war-driving - way cool
* factory restore attacks
* information disclosure
* etc, etc, etc
Please check the project page for more information and be sure that we
will continue posting interesting info on that subject in the future.
Also, if you have some findings on your own, pls let us know as we are
very interested to learn about.
Full-Disclosure is hosted and sponsored by Secunia.